1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

264 Commits

Author SHA1 Message Date
Werner Koch
e8011a7cec
gpg: Make symmetric + pubkey encryption de-vs compliant.
* g10/mainproc.c (proc_encrypted): Make symmetric + pubkey encryption
de-vs compliant.

* g10/mainproc.c (struct symlist_item): New.
(struct mainproc_context): Add field symenc_list.
(release_list): Free that list.
(proc_symkey_enc): Record infos from symmetric session packet.
(proc_encrypted): Check symkey packet algos
--

The original check was too strong because it is in fact compliant to
encrypt with a symmetric key and and public key.  Thus decryption
should issue a compliance status.

In addition we now check that the cipher algorithms used to
symmetrically encrypt the session key are all compliant.  This is
similar to our check for all public key encrypted session key packets.

GnuPG-bug-id: 6119
Fixes-commit: b03fab09e188f7bb10237d4f20455e4026737e4e
2022-08-02 18:36:56 +02:00
Werner Koch
f021ecd576
gpg: Emit an ERROR status as hint for a bad passphrase.
* g10/mainproc.c (proc_symkey_enc): Issue new error code.
(proc_encrypted): Ditto.
--

This allows GPGME to return a better error message than "bad session
key" to the user.  Technically we could get run into these errors also
in other cases but this more unlikley.  For the command line use we
don't do anything to not change the expected output of the command
line interface.

GnuPG-bug-id: 5943
2022-04-25 11:18:40 +02:00
Werner Koch
e081a601f7
gpg: Allow decryption of symencr even for non-compliant cipher.
* g10/decrypt-data.c (decrypt_data): Add arg compliance_error.  Adjust
all callers.  Fail on compliance error only in --require-compliance
mode.  Make sure to return an error if the buffer is missing; actually
that should be an assert.
* g10/mainproc.c (proc_encrypted): Delay printing of the compliance
mode status.  Consult the compliance error now returned by
decrypt_data.
--

The actual case here is that we fail hard if a message has been AEAD
encrypted with one AEAD capable key and also with one passphrase.  In
general the preference system takes care of not using AEAD if one
recipient's key does not support it.  However, if the sender uses her
own AEAD-capable key _and_ a passphrase the message will be AEAD
encrypted.  This change allows to decrypt that anyway along with a
warning message.

Note that this does currently not work in 2.3 due to a non-compliant
libgcrypt.  We will however, backport this to 2.2.
2022-03-18 11:55:17 +01:00
Werner Koch
17890d4318
gpg: New option --require-compliance.
* g10/options.h (opt): Add field flags.require_compliance.
* g10/gpg.c (oRequireCompliance): New.
(opts): Add --require-compliance.
(main): Set option.
* g10/mainproc.c (proc_encrypted): Emit error if non de-vs compliant.
(check_sig_and_print): Ditto.
* g10/encrypt.c (encrypt_crypt): Ditto.
--

Note that in the --encrypt and --verify cased other checks may kick in
earlier than this new --require-compliance controlled one.
2022-03-08 18:19:38 +01:00
Jussi Kivilinna
9116fd1e9a
g10: Avoid extra hash contexts when decrypting MDC input
* g10/mainproc.c (mainproc_context): New member
'seen_pkt_encrypted_mdc'.
(release_list): Clear 'seen_pkt_encrypted_mdc'.
(proc_encrypted): Set 'seen_pkt_encrypted_mdc'.
(have_seen_pkt_encrypted_aead): Rename to...
(have_seen_pkt_encrypted_aead_or_mdc): ...this and add check for
'seen_pkt_encrypted_mdc'.
(proc_plaintext): Do not enable extra hash contexts when decrypting
MDC input.
--

Avoiding extra hash contexts speeds up CFB/MDC decryption quite
a lot. For example, decrypting symmetric-key AES-256 encrypted
4 GiB file from RAM to /dev/null sees ~3.4x speed increase on
AMD Ryzen 5800X:

 AES256.CFB encryption: 783 MB/s
 AES256.CFB decryption: 386 MB/s (before)
 AES256.CFB encryption: 1.3 GB/s (after patch)

Note, AEAD is still significantly faster:

 AES256.OCB encryption: 2.2 GB/s
 AES256.OCB decryption: 3.0 GB/s

GnuPG-bug-id: T5820
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
(cherry picked from commit ab177eed514f7f3432d78e7e6521ad24cc0f4762)

Even 2.2 with the older Libgcrypt 1.8 gets a threefold speedup; see
https://dev.gnupg.org/T5820#155447 (AES-128 vs. AES-256 does not make
a substanial difference)

Signed-off-by: Werner Koch <wk@gnupg.org>
2022-02-24 14:14:48 +01:00
Werner Koch
03f83bcda5
gpg: Use a more descriptive prompt for symmetric decryption.
* g10/keydb.h (GETPASSWORD_FLAG_SYMDECRYPT): New.
(passphrase_to_dek_ext): Remove this obsolete prototype.
* g10/passphrase.c (passphrase_get): Add arg flags.  Use new flag
value.
(passphrase_to_dek): Add arg flags and pass it on.
* g10/mainproc.c (proc_symkey_enc): Use new flag.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-05-17 19:30:15 +02:00
Werner Koch
b59af0e2a0
gpg: Lookup a missing public key of the current card via LDAP.
* g10/getkey.c (get_seckey_default_or_card): Lookup a missing public
key from the current card via LDAP.
* g10/call-dirmngr.c: Include keyserver-intetnal.h.
(gpg_dirmngr_ks_get): Rename arg quick into flags.  Take care of the
new LDAP flag.
* g10/keyserver-internal.h (KEYSERVER_IMPORT_FLAG_QUICK): New.
Replace the use of the value 1 for the former quick arg.
(KEYSERVER_IMPORT_FLAG_LDAP): New.
* g10/keyserver.c (keyserver_get_chunk): Increase the reserved line
length.
* dirmngr/ks-action.c (ks_action_get): Add arg ldap_only.
* dirmngr/server.c (cmd_ks_get): Add option --ldap.
--

This change makes it easy to start working with gnupg: Just insert the
smartcard or token provided to you and the first time you sign a
message the public key associated with the current card will be
imported and everything is set without any configuration.

This works only with an LDAP directory because it can be expected that
the public key has been put into the LDAP during card personalization.
Of course an LDAP server needs to be configured; in a Windows AD
domain this can be a mere "keyserver ldap:///" in dirmngr.conf.  Other
configured keyservers are ignored.

Requirements for the card driver: The $SIGNKEYID attribute must exists
and a query for the KEY-FPR attribute needs to return the OpenPGP
fingerprint for that key.  This is currently supported for OpenPGP
cards and certain PKCS#15 cards.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit d7e707170fbe2956deb3d81e2802d21352079722)
2021-05-03 20:28:33 +02:00
Werner Koch
6e258babe7
Include the library version in the compliance checks.
* common/compliance.c (gnupg_gcrypt_is_compliant): New.
(gnupg_rng_is_compliant): Also check library version.
* g10/mainproc.c (proc_encrypted): Use new function.
(check_sig_and_print): Ditto.
* sm/decrypt.c (gpgsm_decrypt): Ditto.
* sm/encrypt.c (gpgsm_encrypt): Ditto.
* sm/verify.c (gpgsm_verify): Ditto
--

This will eventually allow us to declare Libgcrypt 1.9 to be de-vs
compliant.  GnuPG can use this information then for its own checks.
As of now GnuPG tests the version of the used library but that is a
bit cumbersome to maintain.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 90c514868ff5fcf6d39490d4874ac3a31ba9e85f)
2021-01-28 16:01:53 +01:00
Werner Koch
9037be5f40
gpg: Fix ugly error message for an unknown symkey algorithm.
* g10/mainproc.c (proc_symkey_enc): Do not continue with an unknown
algorithm.
--

Trying to encrypt data created with

 printf "\x8c\x49\x05\x0e\x0a\x03\x01"

fails in version 2.2.19 with

 gpg: packet(3) with unknown version 5

but with later versions with

  gpg: encrypted with unknown algorithm 14
  gpg: Ohhhh jeeee: ... this is a bug \
       ([...]/passphrase.c:433:passphrase_to_dek)

so we better catch this case earlier.

Reported-by: Tavis Ormandy
Signed-off-by: Werner Koch <wk@gnupg.org>
2021-01-27 11:45:33 +01:00
Werner Koch
5d98f95aa9
gpg: Provide better diagnostic for replaced card keys.
* agent/divert-scd.c (divert_pksign): Add arg 'grip'.  Replace OPENPGP
key reference to keygrips.
(divert_pkdecrypt): Ditto.
* agent/protect.c (parse_shadow_info): Trim spaces.
* agent/pkdecrypt.c (agent_pkdecrypt): Pass the keygrip.
* agent/pksign.c (agent_pksign_do): Ditto.

* g10/mainproc.c (print_pkenc_list): Print extra info for an invalid
id error.
* g10/sign.c (do_sign): Ditto.
--

Using the keygrip instead of the identifier works on OpenPGP cards and
thus we use that to make sure that we are working on the right card.
For other cards we better don't do that to avoid regressions.  Those
other cards are also usually provided and do not allow to
self-generate the keys.

Note that old versions of the code (gpg 1.4) used the fingerprint as
additional check but that was eventually removed and now that we use
the keygrip all over the place, it is best to use this to identify a
key.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-13 16:06:59 +01:00
Werner Koch
4a36adaa64
sm: Exclude rsaPSS from de-vs compliance mode.
* common/compliance.h (PK_ALGO_FLAG_RSAPSS): New.
* common/compliance.c (gnupg_pk_is_compliant): Add arg alog_flags and
test rsaPSS.  Adjust all callers.
* common/util.c (pubkey_algo_to_string): New.
(gnupg_pk_is_allowed): Ditto.
* sm/misc.c (gpgsm_ksba_cms_get_sig_val): New wrapper function.
(gpgsm_get_hash_algo_from_sigval): New.
* sm/certcheck.c (gpgsm_check_cms_signature): Change type of sigval
arg.  Add arg pkalgoflags.  Use the PK_ALGO_FLAG_RSAPSS.
* sm/verify.c (gpgsm_verify): Use the new wrapper and new fucntion to
also get the algo flags.  Pass algo flags along.  Change some of the
info output to be more like current master.
--
Signed-off-by: Werner Koch <wk@gnupg.org>

This backport from master
commit 969abcf40cdfc65f3ee859c5e62889e1a8ccde91
also includes some changes taken from
commit a759fa963a42e0652134130029217270b6d5d00b
(sm: Improve readability of the data verification output.)

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-03 17:08:58 +02:00
Werner Koch
1dfe71c62b
gpg: Support decryption of the new AEAD packet
* common/openpgpdefs.h (aead_algo_t): New.
(pkttype_t): Add PKT_ENCRYPTED_AEAD.
* g10/decrypt-data.c (struct decode_filter_context_s): Add fields for
AEAD.
(aead_set_nonce_and_ad): New.
(aead_checktag): New.
(decrypt_data): Support AEAD.
(aead_underflow): New.
(aead_decode_filter): New.
* g10/dek.h (DEK): Add field use_aead.  Turn use_mdc,
algo_info_printed, and symmetric into bit flags.
* g10/mainproc.c (struct mainproc_context): Add field
seen_pkt_encrypted_aead.
(release_list): Clear it.
(have_seen_pkt_encrypted_aead): New.
(symkey_decrypt_seskey): Support AEAD.
(proc_symkey_enc): Ditto.
(proc_encrypted): Ditto.
(proc_plaintext): Ditto.
* g10/misc.c (MY_GCRY_CIPHER_MODE_EAX): New.
(openpgp_aead_test_algo): New.
(openpgp_aead_algo_name): New.
(openpgp_aead_algo_info): New.
* g10/packet.h (PKT_symkey_enc): Add field use_aead.
(PKT_user_id): Add field flags.aead
(PKT_public_key): Ditto.
(PKT_encrypted): Add fields for AEAD.
* g10/parse-packet.c (parse): Handle PKT_ENCRYPTED_AEAD.
(parse_symkeyenc): Support AEAD.
(parse_encrypted): Ditto.
(dump_sig_subpkt): Dump AEAD preference packet.
(parse_encrypted_aead): New.
--

This patch allows to decrypt data encrypted using the new AEAD
mechanism as specified in rfc4880bis.  Although preferences are used
to enable this new mode, it is useful to have at least a decryption
option in case a user switches between GnuPG 2.2 and newer versions.

The new AEAD mechanism is much faster than the current CFB+MDC and
thus 2.2 will allow faster decryption of symmetric only decryption.

This patch is based on the current master (2.3) code base and includes
a few other patches.  In particular
commit 44be675b759d27bac310c2de8bae1b7882a26b65
(gpg: More check for symmetric key encryption.)
is included.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-16 08:25:55 +02:00
Werner Koch
95b42278ca
gpg: New option --auto-key-import
* g10/gpg.c (opts): New options --auto-key-import,
--no-auto-key-import, and --no-include-key-block.
(gpgconf_list): Add them.
* g10/options.h (opt): Add field flags.auto_key_import.
* g10/mainproc.c (check_sig_and_print): Use flag to enable that
feature.
* tools/gpgconf-comp.c: Give the new options a Basic config level.
--

Note that the --no variants of the options are intended for easy
disabling at the command line.

GnuPG-bug-id: 4856
Signed-off-by: Werner Koch <wk@gnupg.org>

Backported from master.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-14 20:07:37 +01:00
Werner Koch
b42d9f540c
gpg: Make use of the included key block in a signature.
* g10/import.c (read_key_from_file): Rename to ...
(read_key_from_file_or_buffer): this and add new parameters.  Adjust
callers.
(import_included_key_block): New.
* g10/packet.h (PKT_signature): Add field flags.key_block.
* g10/parse-packet.c (parse_signature): Set that flags.
* g10/sig-check.c (check_signature2): Add parm forced_pk and change
all callers.
* g10/mainproc.c (do_check_sig): Ditto.
(check_sig_and_print): Try the included key block if no key is
available.
--

This is is the second part to support the new Key Block subpacket.
The idea is that after having received a signed mail, it is instantly
possible to reply encrypted - without the need for any centralized
infrastructure.

There is one case where this does not work: A signed mail is received
using a specified signer ID (e.g. using gpg --sender option) and the
key block with only that user ID is thus imported.  The next time a
mail is received using the same key but with a different user ID; the
signatures checks out using the key imported the last time.  However,
the new user id is not imported.  Now when trying to reply to that
last mail, no key will be found.  We need to see whether we can update
a key in such a case.

GnuPG-bug-id: 4856
Signed-off-by: Werner Koch <wk@gnupg.org>

Backported from master

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-14 19:53:40 +01:00
Werner Koch
3242837d20
gpg: With --auto-key-retrieve prefer WKD over keyservers.
* g10/mainproc.c (check_sig_and_print): Print a hint on how to make
use of the preferred keyserver.  Remove keyserver lookup just by the
keyid.  Try a WKD lookup before a keyserver lookup.
--

The use of the the keyid for lookups does not make much sense anymore
since for quite some time we do have the fingerprint as part of the
signature.

GnuPG-bug-id: 4595
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 96bf8f477805bae58cfb77af8ceba418ff8aaad9)
2019-07-05 10:43:55 +02:00
Jussi Kivilinna
6008410e51
g10/mainproc: disable hash contexts when --skip-verify is used
* g10/mainproc.c (proc_plaintext): Do not enable hash contexts when
opt.skip_verify is set.
--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
(cherry picked from commit 73e74de0e33bbb76300f96a4174024779047df06)
2018-12-05 08:26:09 +01:00
Werner Koch
b4599a0449
gpg: Allow decryption using several passphrases in may cases.
* g10/mainproc.c (symkey_decrypt_seskey): Check for a valid algorithm.
(proc_symkey_enc): Clear passpharse on error from above function.
--

This does not work reliable as stated in bug 3795 but we can try to
fix ~95% of all cases.  The real fix is to use AEAD which will come
with 2.3

GnuPG-bug-id: 3795, 4050
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-06 08:24:57 +02:00
Werner Koch
221af19351
gpg: Prepare for signatures with ISSUER_FPR but without ISSUER.
* g10/getkey.c (get_pubkey_for_sig): New.
(get_pubkeyblock_for_sig): New.
* g10/mainproc.c (issuer_fpr_raw): Give global scope.
(check_sig_and_print): Use get_pubkeyblock_for_sig.
* g10/pkclist.c (check_signatures_trust): Use get_pubkey_for_sig.
* g10/sig-check.c (check_signature2): Ditto.
(check_signature_over_key_or_uid): Ditto.
--

GnuPG-bug-id: 4046

The whole getkey stuff is still a mess with way to much duplication
and missing caching of already fetched data.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit f7526c7bc754acf68bde0b79c785e875a9365d60)
2018-07-05 21:41:02 +02:00
Werner Koch
18274db32b
gpg: Allow building with older libgpg-error.
* g10/mainproc.c (proc_encrypted): Use constant from logging.h
--

Because the log levels are enums I had to change there names in
libgpg-error to avoid clashes.  Master uses the new names but 2.2
needs to stick to the old names.

Fixes-commit: 825909e9cd5f344ece6c0b0ea3a9475df1d643de
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-08 22:01:10 +02:00
Werner Koch
210e402acd
gpg: Sanitize diagnostic with the original file name.
* g10/mainproc.c (proc_plaintext): Sanitize verbose output.
--

This fixes a forgotten sanitation of user supplied data in a verbose
mode diagnostic.  The mention CVE is about using this to inject
status-fd lines into the stderr output.  Other harm good as well be
done.  Note that GPGME based applications are not affected because
GPGME does not fold status output into stderr.

CVE-id: CVE-2018-12020
GnuPG-bug-id: 4012
(cherry picked from commit 13f135c7a252cc46cff96e75968d92b6dc8dce1b)
2018-06-08 10:46:42 +02:00
Werner Koch
054a187f24
gpg: Also detect a plaintext packet before an encrypted packet.
* g10/mainproc.c (proc_encrypted): Print warning and later force an
error.
--

Note that when this error is triggered the plaintext from the literal
data packet has already been outputted before the BEGIN_DECRYPTION
status line.  We fail only later to get more information.  Callers
need to check and act upon the decryption error code anyway.

Thanks to Marcus for pointing out this case.

GnuPG-bug-id: 4000
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 344b548dc71657d0285d93f78f17a2663b5e586f)
2018-06-06 15:49:00 +02:00
Werner Koch
825909e9cd
gpg: Print a hint on how to decrypt a non-mdc message anyway.
* g10/mainproc.c (proc_encrypted): Print a hint for legacy ciphers w/o
MDC.  Also print a dedicated status error code

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 874e391665405fc413a69f2ffacdb94bb08da7ff)
2018-05-31 13:04:22 +02:00
Werner Koch
2f2b1d1da9
gpg: Detect multiple literal plaintext packets more reliable.
* g10/mainproc.c (proc_encrypted): Bump LITERALS_SEEN.
--

GnuPG-bug-id: 4000
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 97183b5c0fae05fcda942caa7df14ee6a133d846)
2018-05-31 12:10:54 +02:00
Werner Koch
3db1b48a2d
gpg: Hard fail on a missing MDC even for legacy algorithms.
* g10/mainproc.c (proc_encrypted): Require an MDC or AEAD
* tests/openpgp/defs.scm (create-gpghome): Use --ignore-mdc-error to
allow testing with the current files.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit d1431901f0143cdc7af8d1a23387e0c6b5bb613f)

Resolved Conflicts:
	g10/mainproc.c - Remove AEAD stuff.
2018-05-31 11:54:07 +02:00
Werner Koch
26c0d3a3fc
gpg: Turn --no-mdc-warn into a NOP.
* g10/gpg.c (oNoMDCWarn): Remove.
(opts): Make --no-mdc-warn a NOP.
(main): Don't set var.
* g10/options.h (struct opt): Remove 'no_mdc_var'.
* g10/cipher-cfb.c (write_header): Assume opt.no_mdc_warn is false.
* g10/mainproc.c (proc_encrypted): Ditto.
--

Users should not be allowed to suppress the warning that they are
shooting into their foot.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 96350c5d5afcbc7f66c535e38b9fcc7355622855)
2018-05-31 11:47:07 +02:00
NIIBE Yutaka
f747b8f073 g10: Fix memory leak in check_sig_and_print.
* g10/mainproc.c (check_sig_and_print): Free the public key.

--

GnuPG-bug-id: 3900
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-04-13 16:42:34 +09:00
Werner Koch
69c3e7acb7
gpg: Extend the "sig" record in --list-mode.
* g10/getkey.c (get_user_id_string): Add arg R_NOUID.  Change call
callers.
(get_user_id): Add arg R_NOUID.  Change call callers.
* g10/mainproc.c (issuer_fpr_string): Make global.
* g10/keylist.c (list_keyblock_colon): Print a '?' for a missing key
also in --list-mode.  Print the "issuer fpr" field also if there is an
issuer fingerprint subpacket.
--

Scripts used to rely on the "User ID not found" string even in the
--with-colons listing.  However, that is not a good idea because that
string is subject to translations etc.  Now we have an explicit way of
telling that a key is missing.  For example:

  gpg --list-sigs --with-colons | \
    awk -F: '$1=="sig" && $2=="?" {if($13){print $13}else{print $5}}'

Prints all keyids or fingerprint of signing keys for which we do not
have the key in our local keyring.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-12 17:53:17 +02:00
Werner Koch
23a714598c
gpg: Extend the ERRSIG status line with a fingerprint.
* g10/mainproc.c (issuer_fpr_raw): New.
(issuer_fpr_string): Re-implement using issuer_fpr_rtaw.
(check_sig_and_print): Don't free ISSUER_FPR.  Use ISSUER_FPR_RAW.
Use write_status_printf.  Extend ERRSIG status.
--

Modern OpenPGP implementations put the ISSUER_FPR into the signature
to make it easier to discover the, public needed to check the
signature.  This is also useful in error messages and thus we add it.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-12 16:41:18 +02:00
Werner Koch
339b3301ee
gpg: Print all keys with --decrypt --list-only.
* g10/mainproc.c (proc_pubkey_enc): Use dedicated error code for
list-only and put the key into PKENC_LIST.
(print_pkenc_list): Take care of the new error code.
--

If the secret keys exist in --list-only mode it was not printed in
--list-only mode.

GnuPG-bug-id: 3718
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-08 09:30:31 +01:00
Werner Koch
6502bb0d2a
gpg: Tweak compliance checking for verification
* common/compliance.c (gnupg_pk_is_allowed): Rework to always allow
verification.
* g10/mainproc.c (check_sig_and_print): Print a con-compliant warning.
* g10/sig-check.c (check_signature2): Use log_error instead of
log_info.
--

We should be able to verify all signatures.  So we only print a
warning.  That is the same beheavour as for untrusted keys etc.

GnuPG-bug-id: 3311
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-27 16:22:36 +02:00
Marcus Brinkmann
e4c720fa3b g10: Avoid caching passphrase for failed symmetric encryption.
* g10/mainproc.c (proc_encrypted): If error code is GPG_ERR_CIPHER_ALGO,
assume the symmetric passphrase was wrong and invalidate the cache.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 2270
2017-07-21 20:03:59 +02:00
Werner Koch
2e54594574
gpg: Avoid asking by fpr and then by keyid during auto-key-retrieve.
* g10/mainproc.c (check_sig_and_print): Track key server request via
fingerprint.
--

New signatures carry the fingerprint and thus --auto-key-retrieve tries
to lookup the key by fingerprint.  If that failed it used to also ask
the same thing by KEYID - but the keyid is part of the fingerprint and
thus it will either get no response or the wrong key back.  We can
easily avoid this.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-19 13:09:13 +02:00
Werner Koch
3621dbe525
gpg,gpgsm: Fix compliance check for DSA and avoid an assert.
* common/compliance.c (gnupg_pk_is_compliant): Swap P and Q for DSA
check.  Explicitly check for allowed ECC algos.
(gnupg_pk_is_allowed): Swap P and Q for DSA check.
* g10/mainproc.c (proc_encrypted): Simplify SYMKEYS check.  Replace
assert by debug message.

--

Note that in mainproc.c SYMKEYS is unsigned and thus a greater than 0
condition is surprising because it leads to the assumption SYMKEYS
could be negative.  Better use a boolean test.

The assert could have lead to a regression for no good reason.  Not
being compliant is better than breaking existing users.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-19 19:57:11 +02:00
Justus Winter
b03fab09e1
gpg: Fix computation of compliance with CO_DE_VS.
* g10/mainproc.c (proc_encrypted): Symmetric encryption is also in
compliance with CO_DE_VS.

GnuPG-bug-id: 3059
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-08 13:57:53 +02:00
Justus Winter
e051e39615
common: Add cipher mode to compliance predicate.
* common/compliance.c (gnupg_cipher_is_compliant): Add mode parameter.
* common/compliance.h (gnupg_cipher_is_compliant): Likewise.
* g10/mainproc.c (proc_encrypted): Adapt callsite.
* sm/decrypt.c (gpgsm_decrypt): Likewise.

GnuPG-bug-id: 3059
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-07 16:54:44 +02:00
Justus Winter
be8ca88526
gpg: Report compliance with CO_DE_VS.
* common/compliance.c (gnupg_pk_is_compliant): Add DSA with certain
parameters.
(gnupg_cipher_is_compliant): New function.
(gnupg_digest_is_compliant): Likewise.
* common/compliance.h (gnupg_cipher_is_compliant): New prototype.
(gnupg_digest_is_compliant): Likewise.
* common/status.h (STATUS_DECRYPTION_COMPLIANCE_MODE): New status.
(STATUS_VERIFICATION_COMPLIANCE_MODE): Likewise.
* doc/DETAILS: Document the new status lines.
* g10/mainproc.c (proc_encrypted): Compute compliance with CO_DE_VS
and report that using the new status line.
(check_sig_and_print): Likewise.
* sm/decrypt.c (gpgsm_decrypt): Likewise.
* sm/verify.c (gpgsm_verify): Likewise.
--

When decrypting data and verifying signatures, report whether the
operations are in compliance with the criteria for data classified as
VS-NfD.  This information will be picked up by the frontend and
presented to the user.

GnuPG-bug-id: 3059
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-01 13:16:18 +02:00
Justus Winter
663e5ed073
gpg: Fix typos.
--
Signed-off-by: Justus Winter <justus@g10code.com>
2017-05-30 14:30:43 +02:00
Werner Koch
8f2671d2cc
gpg: Pass CTRL to many more functions.
--

For proper operations as a server we need to avoid global variables.
Thus we need to pass the session state CTRL to most functions.  Quite
a lot of changes but fortunately straightforward to do.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-31 20:07:20 +02:00
Werner Koch
a8895c99a7
gpg: Revamp reading and writing of ring trust packets.
* g10/parse-packet.c (parse_trust): Rename to ...
(parse_ring_trust): this.  Change args and implement new ring trust
packet format.
(parse): Add special ring trust packet handling.
* g10/packet.h (PKT_user_id): New fields KEYUPDATE, UPDATEURL, and
KEYSRC.
(PKT_public_key): Ditto.
(RING_TRUST_SIG, RING_TRUST_KEY, RING_TRUST_UID): New consts.
(PKT_ring_trust): New.
(struct packet_struct): Remove member RING_TRUST.
(strcu parse_packet_ctx_s): Add field SKIP_META.
(init_parse_packet): Init SKIPT_META.
* g10/free-packet.c (release_public_key_parts): Free UDPATEURL.
(free_user_id): Ditto.
* g10/mainproc.c (list_node): Remove printing of non-documented "rtv"
lines.
* g10/build-packet.c (build_packet_and_meta): New.
(do_ring_trust): New.
* g10/export.c (write_keyblock_to_output): Use build_packet_and_meta
in backup mode.
(do_export_one_keyblock): Ditto.
* g10/import.c (read_block): Add arg WITH_META.  Skip ring trust
packets if that ism not set.
(import): Call read_block WITH_META in restore mode.
* g10/keydb.h (KEYSRC_UNKNOWN, KEYSRC_FILE, KEYSRC_KS, KEYSRC_PREF_KS)
(KEYSRC_WKD, KEYSRC_WKD_SD, KEYSRC_DANE): New constants.  They are not
yet used, though.
* g10/keydb.c (parse_keyblock_image): Allow ring trust packets.
(build_keyblock_image): Ditto.  Use build_packet_and_meta.
* g10/keyring.c (keyring_get_keyblock): Remove specila treatment of
ring trust packets.
(write_keyblock): Use build_packet_and_meta.  Remove special treatment
of ring trust packets and initialization of the signature caches.
--

This patch introduced the framework to store meta data for keys and
user ids in the keyrings/keyboxes.  Ring trust packets are
implementation defined and have always been used in gpg to cache the
signature verification status.

Ring trust packets are only exported with the export option "backup"
and only imported with the import option "restore".

The new code uses a cleaner way to handle the ring trust packets: When
the parser reads a ring trust packet and the previously read packet
matches the type of that ring trust packet, the information is stored
in that previously read packet (signature, user id, or primary key)
and the next packet is read immediately.  Thus only the parser sees
the ring trust packets.  Ring trust packets are written by using the
new function build_packet_and_meta instead of build_packet.  That
function writes a ring trust packet when the needed information is
available.

As a side-effect of this patch the signature status cache works again
and "gpg --check-sigs" is thus much faster.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-30 09:07:02 +02:00
Werner Koch
afa8680908
gpg: Extend free_packet to handle a packet parser context.
* g10/packet.h (struct parse_packet_ctx_s): Add fields LAST_PKT and
FREE_LAST_PKT.
(init_parse_packet): Clear them.
(deinit_parse_packet): New macro.  Change all users if
init_parse_packet to also call this macro.
* g10/free-packet.c (free_packet): Add arg PARSECTX and handle shallow
packet copies in the context.  Change all callers.
* g10/parse-packet.c (parse): Store certain packets in the parse
context.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-29 12:08:31 +02:00
Werner Koch
0526c99164
gpg: Change parse_packet to take a context.
* g10/packet.h (struct parse_packet_ctx_s): New.
(parse_packet_ctx_t): New type.
(init_parse_packet): New macro.
* g10/parse-packet.c (parse_packet, dbg_parse_packet): Change to take
a parse context.  Change all callers to provide a context instead of
directly supplying the input stream.
(search_packet, dbg_search_packet): Ditto.
(copy_all_packets, dbg_copy_all_packets): Init an use a parse context.
(copy_some_packets, dbg_copy_some_packets): Ditto.
(skip_some_packets, dbg_skip_some_packets): Ditto.
--

We will need this change to handle ring packets inside the parser.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-29 10:06:29 +02:00
Justus Winter
2649fdfff5
g10: Move more flags into the flag bitfield.
* g10/packet.h (PKT_user_id): Move 'is_primary', 'is_revoked', and
'is_expired' into the flags bitfield, and drop the prefix.
* g10/call-dirmngr.c: Adapt accordingly.
* g10/export.c: Likewise.
* g10/getkey.c: Likewise.
* g10/import.c: Likewise.
* g10/kbnode.c: Likewise.
* g10/keyedit.c: Likewise.
* g10/keylist.c: Likewise.
* g10/keyserver.c: Likewise.
* g10/mainproc.c: Likewise.
* g10/pkclist.c: Likewise.
* g10/pubkey-enc.c: Likewise.
* g10/tofu.c: Likewise.
* g10/trust.c: Likewise.
* g10/trustdb.c: Likewise.
--

This patch has been created by applying the following semantic patch:

    @@
    expression E;
    @@
    -E->is_expired
    +E->flags.expired

    @@
    expression E;
    @@
    -E->is_primary
    +E->flags.primary

    @@
    expression E;
    @@
    -E->is_revoked
    +E->flags.revoked

Signed-off-by: Justus Winter <justus@g10code.com>
2017-03-08 13:31:10 +01:00
NIIBE Yutaka
70aca95d68 Remove -I option to common.
* dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common.
* g10/Makefile.am (AM_CPPFLAGS): Ditto.
* g13/Makefile.am (AM_CPPFLAGS): Ditto.
* kbx/Makefile.am (AM_CPPFLAGS): Ditto.
* scd/Makefile.am (AM_CPPFLAGS): Ditto.
* sm/Makefile.am (AM_CPPFLAGS): Ditto.
* tools/Makefile.am (AM_CPPFLAGS): Ditto.
* Throughout: Follow the change.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-07 20:25:54 +09:00
Werner Koch
e182542e90
gpg: Do not require a trustdb for decryption.
* g10/trustdb.c (init_trustdb): Add and implement arg NO_CREATE.
Change to return an error code.  Change all callers to to pass False
for NO_CREATE.
(tdb_get_ownertrust): New arg NO_CREATE.  Call init_trustdb to test
for a non-existing trustdb.  Change all callers to to pass False for
NO_CREATE.
(tdb_get_min_ownertrust): Ditto.
* g10/trust.c (get_ownertrust_with_min): Add arg NO_CREATE.  Call
init_trustdb for a quick check.
(get_ownertrust_info): Add arg NO_CREATE.
(get_ownertrust_string): Ditto.
* g10/gpgv.c (get_ownertrust_info): Adjust stub.
* g10/test-stubs.c (get_ownertrust_info): Ditto.
* g10/mainproc.c (list_node): Call get_ownertrust_info with NO_CREATE
set.
* g10/pubkey-enc.c (get_it): Ditto.
--

Fixes-commit: effa80e0b5fd8cf9e31a984afe391c2406edee8b

For details see mails on Feb 27 and 28 by dkg, gniibe, and Justus to
gnupg-devel 'test failure on git master with
decrypt-session-key.scm (and: continuous integration?)'

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-28 20:30:48 +01:00
Yuri Chornoivan
24cf0606b4 Clean up word replication.
--

This fixes extra word repetitions (like "the the" or "is is") in the
code and docs.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-02-21 13:11:46 -05:00
Werner Koch
ef10c348bf
gpg: Fix error code arg in ERRSIG status line.
* g10/mainproc.c (check_sig_and_print): Use gpg_err_code to return an
error code in ERRSIG.
--

Debian-bug-id: 846834
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-03 21:36:14 +01:00
Neal H. Walfield
03a65a5323 g10: Avoid gratuitously loading a keyblock when it is already available
* g10/trust.c (get_validity): Add new, optional parameter KB.  Only
load the keyblock if KB is NULL.  Update callers.
(get_validity): Likewise.
* g10/trustdb.c (tdb_get_validity_core): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2812
2016-11-23 12:29:22 +01:00
Justus Winter
2cd281c4de g10: Fix memory leak.
* g10/mainproc.c (check_sig_and_print): Free 'pk'.

Fixes-commit: 37e3c897252babc203447be9d2f286a4507875ad
Signed-off-by: Justus Winter <justus@g10code.com>
2016-11-14 17:33:18 +01:00
Werner Koch
4d7dc432b5
Change all http://www.gnu.org in license notices to https://
--
2016-11-05 12:02:19 +01:00
Werner Koch
b6f08dbb0b
gpg: Enable the Issuer Fingerprint from rfc4880bis
* g10/build-packet.c (build_sig_subpkt_from_sig): Always write the new
Issuer Fingerprint sub-packet.
* g10/mainproc.c (check_sig_and_print): Always consider that
sub-packet.
--

The specs for this sub-packet have been pushed to the OpenPGP WG's
repo today.

See-also: https://mailarchive.ietf.org/arch/msg/\
	openpgp/GvPo2eSL9GW9WcGhOocY7KBa9FY

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-28 21:01:51 +02:00